OWASP Launches New Agentic AI Security Maturity Framework
The Open Worldwide Application Security Project (OWASP) has recently introduced an agentic AI security maturity framework intended to help organizations close the gap between the agentic systems they deploy and the governance those systems require. The framework comes from the OWASP GenAI Security Project’s latest paper, titled State of Agentic AI Security and Governance, published on June 3.
This initiative was formally presented by Ariel Fogel, an AI security researcher at Pillar Security’s Office of the CTO and a co-lead of the report, during the OWASP GenAI Security Summit held at Infosecurity Europe 2026 on June 4. The framework is dubbed the ‘Enterprise Adoption Maturity Model’ and is marketed as a practical decision-making tool rather than a lengthy catalog of evolving rules.
Identifying Governance Gaps
Ariel Fogel highlighted a pressing issue faced by many organizations: the rapid deployment of AI agents often outpaces their ability to govern them effectively. He pointed out that governance frameworks are still operating at levels designed for simpler AI copilots, while teams are advancing to complex custom and multi-agent systems.
Framework Structure: Understanding Adoption and Governance Levels
The newly introduced framework maps the governance problem along two interconnected dimensions. The first axis describes what kinds of agentic systems are being deployed, ranging from shadow AI and single-vendor tools to custom-built agents and multi-agent federated systems. The authors define six levels of agentic AI adoption:
- AT0 – Shadow AI: Characterized by a lack of organizational awareness or approval, where users independently adopt AI tools outside any governance.
- AT1 – Vendor Embedded Assistant: This level features tools that are fully vendor-controlled, where organizations consume rather than build the technology.
- AT2 – Platform Integrated: Here, an AI-native platform leverages organizational data but does not have the capacity to execute arbitrary code.
- AT3 – Citizen Developer Agent: Users can configure flows and prompts without traditional coding, utilizing low-code/no-code platforms.
- AT4 – Code Executing Agent: This level involves AI that can generate and execute code with local or cloud privileges.
- AT5 – Custom In-House Agent: The organization builds and maintains these agents, retaining control over identity, tools, and boundaries.
The second axis in the framework assesses governance maturity, encompassing levels from ad hoc processes to continuous monitoring and automated enforcement. The four maturity levels are:
- Level 0 – Unaware and Ad Hoc: Organizations lack formal recognition of the distinct governance and security risks associated with agentic AI. Shadow IT experiments occur without policies or oversight.
- Level 1 – Experimentation Without Guardrails: This level features pilot projects that lack defined autonomy limits and governance, relying on generic AI policies without continuous monitoring.
- Level 2 – Policy-Defined, Human-in-the-Loop: Formal policies exist that align use cases with regulations. A named owner oversees cross-functional governance, although monitoring is still periodic.
- Level 3 – Integrated, Continuous Oversight: At this level, agentic AI is regarded as critical infrastructure, with real-time tracking of workflows and a governance-as-code approach throughout the AI lifecycle.
Evaluating Adoption-Maturity Matches
Combining these two axes allows organizations to assess whether their governance is appropriate for their deployment. During the presentation, Fogel showed a table with color-coded zones: green indicates matching governance and deployment, yellow signifies partial oversight, and red indicates a lack of adequate governance. "Avoid operating in the red cells," Fogel cautioned.
Practical Responses to Governance Gaps
The operational logic of the framework is straightforward: organizations place their agent at the deployment axis and evaluate whether their governance maturity aligns accordingly. If gaps are identified, the framework suggests two practical responses. Organizations can either invest in controls tailored for agentic systems or reduce the autonomy and permissions of the agent until satisfactory governance is achieved.
Importantly, the paper stresses that these required controls are not merely intensified versions of existing security measures. Fogel emphasized the need for monitoring systems that can operate at the same speed as agent workloads, which includes establishing live behavioral baselines, real-time containment, and responsive incident management.
Actionable Guidance for Organizations
John Sotiropoulos, another co-lead and board member of OWASP’s GenAI Security Project, further elaborated on the goal of the new framework: to minimize cognitive overload on teams. He warned that the frequent release of extensive guidelines could lead to user fatigue, rendering guidance ineffective. Instead, he highlighted the importance of adopting a streamlined decision-making process focused on identifying advanced agents in use, prioritizing high-risk workloads, and strategically investing in controls.
Sotiropoulos also linked improvements in governance to overarching business objectives, arguing that robust governance facilitates safe innovation rather than simply obstructing it. The approach encourages organizations to view governance upgrades as integral to fostering an environment conducive to responsible AI adoption.
Lastly, Fogel underscored the confluence of AI safety and security concerns at the deployment layer, noting that architectural decisions often create vulnerabilities in both realms. Thus, the maturity framework promotes aligned telemetry and incident response strategies to minimize misdiagnosis in emergency situations.
In conclusion, OWASP’s new agentic AI security maturity framework aims to offer a well-structured approach for organizations looking to effectively manage their agentic AI systems while ensuring proper governance. By prioritizing actionable guidance and governance-maturity congruence, organizations are better equipped to harness AI’s potential responsibly.
